diff --git a/.env b/.env
index 69a7f4d1..fcec0173 100644
--- a/.env
+++ b/.env
@@ -2,7 +2,11 @@
 PORT = 6688
 
 # 允许的域名
-ALLOWED_DOMAIN = "*"
+ALLOWED_DOMAIN = "https://api-hot.imsyy.top"
+
+# 允许的主域名，请填写为 imsyy.top
+## 若填写该项，将忽略 ALLOWED_DOMAIN
+ALLOWED_HOST = "imsyy.top"
 
 # ROBOT
 DISALLOW_ROBOT = true
diff --git a/src/app.tsx b/src/app.tsx
index 2f3674a7..336eec98 100644
--- a/src/app.tsx
+++ b/src/app.tsx
@@ -28,7 +28,11 @@ app.use(
   "*",
   cors({
     // 可写为数组
-    origin: config.ALLOWED_DOMAIN,
+    origin: (origin) => {
+      // 是否指定域名
+      const isSame = origin.endsWith(config.ALLOWED_HOST);
+      return isSame ? origin : config.ALLOWED_DOMAIN;
+    },
     allowMethods: ["POST", "GET", "OPTIONS"],
     allowHeaders: ["X-Custom-Header", "Upgrade-Insecure-Requests"],
     credentials: true,
diff --git a/src/config.ts b/src/config.ts
index bfaf548f..9f66ffd4 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -9,6 +9,7 @@ export type Config = {
   CACHE_TTL: number;
   REQUEST_TIMEOUT: number;
   ALLOWED_DOMAIN: string;
+  ALLOWED_HOST: string;
   USE_LOG_FILE: boolean;
   RSS_MODE: boolean;
 };
@@ -45,6 +46,7 @@ export const config: Config = {
   CACHE_TTL: getNumericEnvVariable("CACHE_TTL", 3600),
   REQUEST_TIMEOUT: getNumericEnvVariable("CACHE_TTL", 6000),
   ALLOWED_DOMAIN: getEnvVariable("ALLOWED_DOMAIN") || "*",
+  ALLOWED_HOST: getEnvVariable("ALLOWED_HOST") || "imsyy.top",
   USE_LOG_FILE: getBooleanEnvVariable("USE_LOG_FILE", true),
   RSS_MODE: getBooleanEnvVariable("RSS_MODE", false),
 };